Portuguese DPA imposes 400,000 € fine on hospital for two violations of the GDPR

Holiday Special, 17 December 2018 Issue

The Portuguese data protection authority – Comissão Nacional de Protecção de Dados or CNPD – imposed two separate penalties amounting to a 400,000€ fine on a hospital for two violations of the EU General Data Protection Regulation.

The CNPD found the Barreiro Hospital had granted access to patient data to too many users of the hospital’s patient management system. There were 985 users registered for doctor-level access, even though there were only 296 physicians working at the hospital in 2018. The DPA applied a €300,000 fine for this failure to respect patient confidentiality and to limit access to patient data. The CNPD imposed the second fine of €100,000 for the hospital’s inability to ensure data security and data integrity in the system.

Read more about this news here.

Provided by: Access Now